Lucene search
K

56 matches found

ATTACKERKB
ATTACKERKB
added 2023/11/28 10:15 a.m.4 views

CVE-2023-6151

Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105...

7.5CVSS5.8AI score0.00596EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.3 views

PT-2023-32546

Name of the Vulnerable Software and Affected Versions e-municipality module version prior to 105 Description The issue allows an attacker to collect data as provided by users due to the incorrect use of privileged APIs. Recommendations For versions prior to 105, update to version 105 or later to...

7.5CVSS7.1AI score0.00596EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2023/09/14 8:15 p.m.5 views

CVE-2023-4972

Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1...

9.8CVSS7.3AI score0.00567EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/14 12:0 a.m.8 views

PT-2023-31310

Name of the Vulnerable Software and Affected Versions Digital Yepas version 1.0.0 Description The issue is related to an Improper Privilege Management vulnerability, allowing the collection of data as provided by users. This can be exploited due to the incorrect use of privileged APIs...

9.8CVSS7.2AI score0.00567EPSS
Exploits0References11
OSV
OSV
added 2023/07/24 4:15 p.m.3 views

CVE-2023-26078

Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs...

7.8CVSS5.8AI score0.00504EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/24 12:0 a.m.6 views

Atera Agent 安全漏洞

Atera Agent is the basis for an Atera monitoring system from Atera Corporation. A security vulnerability exists in Atera Agent version 1.8.4.4 and earlier, which stems from improper handling of privileged APIs, resulting in elevated privileges...

7.8CVSS7.6AI score0.00504EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.4 views

Metersphere 安全漏洞

MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A security vulnerability exists in Metersphere versions prior to 2.10.2 LTS, which stems from a lack of permission checking in certain critical APIs, allowing normal users to use the APIs of high-privileged...

8.8CVSS7.9AI score0.00711EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/05/11 8:47 a.m.3 views

CVE-2022-46307

SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...

8.8CVSS7.5AI score0.00734EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/23 12:0 a.m.4 views

memos 安全漏洞

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.0, which stems from incorrect use of privileged APIs...

8.1CVSS7.6AI score0.00633EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/06/20 12:0 a.m.4 views

PT-2022-14454 · Unknown · Polonel/Trudesk

Name of the Vulnerable Software and Affected Versions: polonel/trudesk versions prior to 1.2.4 Description: The issue concerns the incorrect use of privileged APIs in the GitHub repository polonel/trudesk. Recommendations: For versions prior to 1.2.4, update to version 1.2.4 or later to resolve t...

10CVSS9.4AI score0.03046EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/20 12:0 a.m.2 views

Trudesk 安全漏洞

Chris Brame Trudesk is an open source helpdesk/ticketing solution from Chris Brame USA. A security vulnerability exists in versions prior to Trudesk 1.2.4 that stems from the application's incorrect use of privileged APIs...

10CVSS8.3AI score0.03046EPSS
Exploits1References3
OSV
OSV
added 2021/01/08 1:15 a.m.1 views

DEBIAN-CVE-2021-1052

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and...

7.8CVSS6.9AI score0.00452EPSS
Exploits0References1
OSV
OSV
added 2021/01/07 12:0 a.m.4 views

UBUNTU-CVE-2021-1052

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and...

7.8CVSS7.1AI score0.00452EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2020/08/12 12:0 a.m.7 views

The vulnerability of the operator openshift-service-mesh/istio-rhel8-operator of the platform for behavior analysis and operational control over OpenShift Service Mesh network microservices allows attackers to enhance their privileges and gain unauthorized access to protected information.

The vulnerability of the operator of openshift-service-mesh/istio-rhel8-operator platform for analyzing network microservices and performing operational control is related to the improper use of privileged APIs. Exploiting this vulnerability allows a malicious actor to enhance their privileges an...

10CVSS7.6AI score0.013EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/09/19 12:0 a.m.4 views

The vulnerability of the .setuserparams2 procedure of the Ghostscript file conversion program allows a attacker to execute arbitrary commands or gain access to the file system.

The vulnerability of the .setuserparams2 procedure in the Ghostscript file conversion program is related to the improper use of privileged APIs. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands or gain access to the file system by circumventing t...

7.5CVSS5.8AI score0.02473EPSS
Exploits0References10Affected Software5
OSV
OSV
added 2018/11/14 3:29 p.m.5 views

CVE-2018-6083

Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page...

8.8CVSS7.4AI score0.0155EPSS
Exploits0References5
Rows per page
Query Builder